CLAIMS 

What is claimed is: 



1 1 . A method for establishing a secure communication session among a first node 

2 of a network and one or more other nodes using a group shared secret key, 

3 each of the nodes having a private key value associated therewith, the method 

4 comprising the computer-implemented steps of: 

5 communicating a first public key value of the first node to a second node; 

6 creating and storing an initial shared secret key for the first node and second 

7 node based on a first private key value and a second public key value 

8 that is received fi:om the second node; 

9 creating and storing information at the first node that associates the first node 

10 with a first network communication entity by generating a collective 

1 1 public key value that is shared by the first node and a second node and 

12 based on the first private key value and a second private key value that 

13 is derived by the first node fi-om the second public key value; 

14 receiving a third public key value fi-om a third node that seeks to join the first 

15 network communication entity; 

16 creating and storing a shared secret key value based on the collective public 

17 key value and the third public key value; 

18 joining the first node to a second network communication entity that includes 

19 the first network commxmication entity and the third node and that 

20 uses secure communication with messages that are encrypted using 

2 1 the shared secret key value. 

12. A method as recited in Claim 1, wherein joining the first node to a second 

2 network communication entity includes the step of communicating the first 

3 private key value to the second node and to the third node using messages 

4 encrypted using the shared secret key value. 
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13. A method as recited in Claim 1, wherein creating and storing a shared secret 

2 key value further comprises creating and storing the shared secret key based 

3 upon how many times each node of the second network communication entity 

4 has participated in formation of any such entity and based upon each private 

5 number of each node in the second network communication entity. 

1 4. A method as recited in Claim 1, further comprising the step of 

2 creating and storing a subsequent shared secret key for use by the 

3 first network communication entity and the third node to enable 

4 the third node to independently compute the group shared secret 

5 key. 

15, A method as recited in Claim 4, wherein creating and storing the 

2 subsequent shared secret key comprises creating and storing the 

3 subsequent shared secret key, k, according to the relation 

4 k = p(^*^)**y)^^*^>mod(q) 

5 where p = a random number, q = a prime number, a = the first private key 

6 value, b = the second private key value, c = a private key value of the 

7 third node, x = a number of times the first node has participated in 

8 entity formation, y = a number of times the second node has 

9 participated in entity formation, and z = a number of times the third 
10 node has participated in entity formation. 

1 6. A method as recited in Claim 5, further comprising the step of storing and 

2 distributing the first pubUc value and the second pubUc value using a key 

3 distribution center. 

1 7. A method as recited in Claim 5, wherein the step of joining the first node to a 

2 second network communication entity further comprises: 
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3 creating and storing a collective public key based upon the first private key 

4 value, the second private key value, and the third private key value; 

5 communicating a collective public key of the second network communication 

6 entity to the third node. 

1 8. A method as recited in Claim 7, wherein the step of joining the first node to a 

2 second network communication entity fiirther comprises determining which 

3 one of the nodes of the first network communication entity is designated to 

4 transfer the collective pubHc key based upon order of entry into the formed 

5 entity. 

19. A method as recited in Claim 7, wherein the step of joining the first node to a 

2 second network communication entity fiirther comprises determining which 

3 one of the nodes of the first network communication entity is designated to 

4 transfer the collective public key based upon a predetermined metric. 

1 10. A method as recited in Claim 1, wherein creating and storing an initial shared 

2 secret key for the first node and second node comprises creating and storing 

3 an initial shared public key "AB" according to the relation 

4 AB = kab'^ mod (q) = p^^^^^^^^ mod (q) 

5 wherein k = the initial shared secret key value, a = the first private key value, 

6 b = the second private key value, p is a base value, and q is a 

7 randomly generated prime number value. 

1 11. A method for establishing a secure communication session among a first node 

2 of a network and one or more other nodes that are joined in a first network 

3 communication entity, using a group shared secret key, each of the nodes 

4 having a private key value associated therewith, the method comprising the 

5 computer-implemented steps of: 
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6 communicating a first public key value from a first node that is joining the 

7 first network communication entity to each other node that is currently 

8 within the first network communication entity; 

9 receiving a collective public key value that is shared by each other node in the 

10 first network communication entity and that is based on private key 

1 1 values associated with each other node in the network communication 

12 entity; 

13 creating and storing the group shared secret key value based on the collective 

14 public key value and the private key value associated with the first 

15 node; 

1 6 joining the first node to a second network communication entity that includes 

17 the first network communication entity and the first node and that uses 

18 secure communication with messages that are encrypted using the 

19 shared secret key value. 

1 12. A method as recited in Claim 1 1, wherein joining the first node to a second 

2 network communication entity includes the step of communicating the private 

3 key value of the first node to all other nodes that are in the first network 

4 communication entity using messages encrypted using the shared secret key 

5 value. 

1 13. A method as recited in Claim 1 1, wherein creating and storing the group 

2 shared secret key value further comprises creating and storing the group 

3 shared secret key based upon how many times each node of the second 

4 network communication entity has participated in formation of any such 

5 entity and based upon each private number of each node in the second 

6 network communication entity. 

1 14. A method as recited in Claim 1 1 , further comprising the step of 

2 creating and storing a subsequent shared secret key for use by the 
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3 first network communication entity and the first node to enable the 

4 first node to independently compute the group shared secret key. 

1 15. A method as recited in Claim 14, wherein creating and storing the 

2 subsequent shared secret key comprises creating and storing the 

3 subsequent shared secret key, k, according to the relation 

4 k = p^^*")^*y^^^*^^mod(q) 

5 where p = a random number, q = a prime number, a = the first private key 

6 value, b = the second private key value, c = a private key value of the 

7 third node, x = a number of times the first node has participated in 

8 entity formation, y = a number of times the second node has 

9 participated in entity formation, and z = a number of times the third 
1 0 node has participated in entity formation. 

1 16. A method as recited in Claim 1 1, fiirther comprising the step of 

2 communicating the first pubHc key value of the first node to the first network 

3 communication entity by storing the first public key value in a key 

4 distribution center. 

1 17. A method as recited in Claim 11, wherein the step of joining the first node to 

2 a second network communication entity fiirther comprises creating and 

3 storing a subsequent collective public key based upon the collective public 

4 key value and the first public key value of the first node. 

1 18. A method as recited in Claim 1 1 , wherein the step of joining the first node to 

2 a second network communication entity fiirther comprises receiving the 

3 collective pubUc key fi-om one of the nodes of the first network 

4 communication entity that was the first node to join the first network 

5 communication entity. 
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1 19. A method as recited in Claim 1 1 , wherein receiving the collective public key 

2 value comprises receiving an initial shared pubhc key "AB" defined 

3 according to the relation 

4 AB = kab'^ mod (q) = p^^^^^^^^ mod (q) 

5 wherein k = the initial shared secret key value, a = the first private key value, 

6 b = the second private key value, p is a base value, and q is a 

7 randomly generated prime number value. 

8 20. A method for exchanging cryptographic keys, the method comprising the 

9 steps of: 

1 0 forming a multicast group initially comprising a first node and a second node, 

1 1 the first node generating a first private value, the second node 

12 generating a second private value, wherein the initial multicast group 

13 exchanges the first private value and the second private value with the 

14 second node and the first node, respectively, using a shared secret key, 

15 the multicast group generating a common pubHc key; and 

16 joining the multicast group by a new node, the new node generating a new 

1 7 private value and a corresponding pubhc key, the step of joining 

18 includes: 

1 9 sending the common pubhc key of the multicast group by a member of the 

20 multicast group to the new node; 

21 tracking a number of times each node in the multicast group participates in 

22 the step of j oining; 

23 computing a new shared secret key by the new node based upon the common 

24 public key of the multicast group and the new private value; 

25 publishing the public key of the new node; and 

26 computing the new shared secret key by each member of the multicast group 

27 based upon the pubhc key of the new node, the private values of each 

28 member, and the number of times each node in the multicast group 

29 participates in the step of joining. 

50325-0855 (Seq. No. 1397) 



1 21. A method as recited in Claim 20, wherein the public values are stored and 

2 distributed by a key distribution center. 

1 22. A method as recited in Claim 20, wherein the step of joining further 

2 comprises determining the sending member based upon order of entry into 

3 the multicast group. 

1 23. A method as recited in Claim 20, wherein the step of joining further 

2 comprises determining the sending member based upon a predetermined 

3 metric. 

1 24. A method as recited in Claim 20, wherein the plurality of nodes communicate 

2 over a packet switched network, that supports, in part, Internet Protocol. 

1 25. A method as recited in Claim 20, wherein the first node, the second node, and 

2 the new node are authenticated by a distributed directory. 

1 26. A computer-readable medium carrying one or more sequences of one or more 

2 instructions for establishing a secure communication session among a first 

3 node of a network and one or more other nodes using a group shared secret 

4 key, each of the nodes having a private key value associated therewith, the 

5 one or more sequences of one or more instructions including instructions 

6 which, when executed by one or more processors, cause the one or more 

7 processors to perform the steps of: 

8 communicating a first public key value of the first node to a second node; 

9 creating and storing an initial shared secret key for the first node and second 

10 node based on a first private key value and a second public key value 

1 1 that is received firom the second node; 
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12 creating and storing information at the first node that associates the first node 

1 3 with a first network communication entity by generating a collective 

14 public key value that is shared by the first node and a second node and 

1 5 based on the first private key value and a second private key value that 

16 is derived by the first node fi-om the second public key value; 

17 receiving a third public key value from a third node that seeks to join the first 

1 8 network communication entity; 

19 creating and storing a shared secret key value based on the collective public 

20 key value and the third public key value; 

2 1 joining the first node to a second network communication entity that includes 

22 the first network communication entity and the third node and that 

23 uses secure communication with messages that are encrypted using 

24 the shared secret key value. 

1 27. A multicast communication server for estabhshing a secure communication 

2 session among a first node of a network and one or more other nodes using a 

3 group shared secret key, each of the nodes having a private key value 

4 associated therewith, comprising: 

5 means for communicating a first public key value of the first node to a second 

6 node; 

7 means for creating and storing an initial shared secret key for the first node 

8 and second node based on a first private key value and a second 

9 public key value that is received firom the second node; 

10 means for creating and storing information at the first node that associates the 

1 1 first node with a first network communication entity by generating a 

12 collective public key value that is shared by the first node and a 

13 second node and based on the first private key value and a second 

14 private key value that is derived by the first node fi"om the second 

15 public key value; 

16 means for receiving a third public key value firom a third node that seeks to 

17 join the first network communication entity; 
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1 8 means for creating and storing a shared secret key value based on the 

1 9 collective public key value and the third public key value; 

20 means for joining the first node to a second network commxmication entity 

21 that includes the first network communication entity and the third 

22 node and that uses secure communication with messages that are 

23 encrypted using the shared secret key value. 

1 28. A method as recited in Claim 1 , wherein creating and storing a shared secret 

2 key value fiirther comprises creating and storing the shared secret key 

3 according to the relation 

4 kabc - (AB)^ mod (q) = p^^'^^^'^' mod (q) - p^^'**'^^ mod (q) 

5 where p = a random number, q = a prime number, a = the first private key 

6 value, b = the second private key value, c = a private key value of the 

7 third node, AB = the collective public key value. 
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